I recently dug out some prototyping equipment from the trash and I want to figure out what the heck it is. It has a port labelled 'Ethernet' and when I plug it into a router the lights flash like it's trying to pull an IP but it does not.

My router is running DD-WRT and I have a netbook with Knoppix I can use on the router. How could I go about sniffing the communication and figure out what IP the device wants and how to communicate with it?

2 Answers
2

Perhaps the easiest way is to use your netbook - just because you don't have to filter out unrelated traffic later. You can use tcpdump to dump all traffic on your Ethernet device. After starting up tcpdump you connect your equipment. After nothing flashes any more you disconnect it and you can look at the dump with Wireshark. The dump should contain ARP/DHCP etc. related traffic that originates from the trashed equipment.

My vote would be for Wireshark. You might also want to get hold of a crossover cable in case the device acts as a hub / router / bridge.
– symcbean Apr 3 '12 at 11:44

@symcbean, AFAIK, with all recent Ethernet NICs (probably since the late nineties) you don't need a cross-over cable any more - they auto-detect crossing/non-crossing such that you can use a normal cable.
– maxschlepzig Apr 3 '12 at 14:16

I was able to sniff directly from the netbook using Wireshark. The device announces itself via ARP. I then used my browser to see if there was a web interface and the device replied with two failures: oraclenet8cman, sisitview. I then tried HTTPS and then got caicci, hks-lm, csbphonemaster and pptp.
– uMinded Apr 3 '12 at 21:37

@maxschlepzig So it looks to me like it has an open port to talk with Oracle's database. Must have stored some info but I have never even seen Oracle DB so I will probably just figure out where the JTAG pins are and roll my own setup.
– uMinded Apr 4 '12 at 1:41

It might be simpler to start by attaching the device directly to the netbook and running tcpdump on the netbook Ethernet NIC. You might need a crossed Ethernet cable for this.

If the netbook has no Ethernet NIC, then the next simplest thing to do would be to use a USB/Ethernet NIC on the netbook to connect directly to the device.

If for some reason neither of the above is possible, it would be better to just use the netbook to SSH into the DD-WRT and install tcpdump there using instructions such as these. I haven't done this myself on DD-WRT, but have done it on similar APs.

The bottom line is that you want to be able to run tcpdump or Wireshark or similar against an Ethernet NIC on some platform that is connected directly to the Ethernet NIC of the device.
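Once a capture like the one both answers describe exists, it can be triaged offline. The following Python script is an added example, not part of either answer: it reads a classic pcap file and lists the ARP frames and DHCP client requests in it, which is where an unknown device states the address it claims or asks for. The MAC address, IP address and hostname in `sample_pcap()` are constructed test values.

```python
import struct
from socket import inet_aton, inet_ntoa

def frames(pcap):
    """Yield raw Ethernet frames from a classic pcap file (not pcapng)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack_from(order + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(order + "I", pcap, off + 8)[0]
        yield pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen

def inspect(f):
    """Describe an ARP frame or a DHCP client request; None for anything else."""
    if len(f) >= 42 and f[12:14] == b"\x08\x06":               # ARP
        return {"kind": "arp", "mac": f[22:28].hex(":"),
                "sender_ip": inet_ntoa(f[28:32]), "target_ip": inet_ntoa(f[38:42])}
    if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 17:  # want IPv4 + UDP
        return None
    udp = 14 + (f[14] & 0x0F) * 4              # IPv4 header length varies
    opt = udp + 8 + 240                        # UDP header, BOOTP fixed part, cookie
    if f[udp:udp + 4] != b"\x00\x44\x00\x43" or f[opt - 4:opt] != b"\x63\x82\x53\x63":
        return None                            # not client port 68 -> server port 67
    info = {"kind": "dhcp", "mac": f[6:12].hex(":")}
    while opt + 1 < len(f) and f[opt] != 255:  # 255 ends the option list
        code, val = f[opt], f[opt + 2:opt + 2 + f[opt + 1]]
        if code == 50 and len(val) == 4:       # option 50: requested IP address
            info["requested_ip"] = inet_ntoa(val)
        elif code in (12, 60):                 # option 12 / 60: name the device gives
            info["hostname" if code == 12 else "vendor_class"] = val.decode("ascii", "replace")
        opt += (2 + f[opt + 1]) if code else 1  # option 0 is a one-byte pad
    return info

def sample_pcap():
    """Constructed capture: an ARP announcement and a DHCPDISCOVER from a made-up device."""
    dev, ip = bytes.fromhex("020000aabbcc"), inet_aton("192.168.0.50")
    arp = b"\xff" * 6 + dev + bytes.fromhex("0806 0001 0800 06 04 0001") + dev + ip + bytes(6) + ip
    opts = b"\x35\x01\x01\x32\x04" + ip + b"\x0c\x07devkit1\xff"
    bootp = b"\x01\x01\x06\x00" + bytes(24) + dev + bytes(202) + b"\x63\x82\x53\x63" + opts
    hdrs = struct.pack("!BBHHHBBH4s4sHHHH", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0,
                       bytes(4), b"\xff" * 4, 68, 67, 8 + len(bootp), 0)
    dhcp = b"\xff" * 6 + dev + b"\x08\x00" + hdrs + bootp
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in (arp, dhcp))

if __name__ == "__main__":
    print(*filter(None, map(inspect, frames(sample_pcap()))), sep="\n")
```

To use it on a real capture, read the file written by `tcpdump -w` in binary mode and pass the bytes to `frames()`. Wireshark saves pcapng by default, so choose the pcap format when saving from there.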